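<?php
// Delete-a-student-record endpoint. Removes the row whose student number (xh)
// is given in the query string and redirects to index.php. On failure, control
// falls through to the HTML below, which displays $msg.
//
// NOTE(review): the delete is triggered by a plain GET request, so it can be
// fired by any link or image tag the logged-in user loads (CSRF). It should be
// moved to POST with a per-session CSRF token; that needs a matching change in
// the page that links here, so it is only flagged, not changed.
session_start();

try {
    // Require a non-empty string. A missing key would raise a warning, and an
    // array value (?xh[]=...) must not reach the comparison or the query.
    $xh = $_GET['xh'] ?? '';
    if (!is_string($xh) || !$xh) {
        throw new Exception('必须提供要删除记录的学号信息');
    }

    // Authorisation: a user may delete only their own record unless flagged as
    // admin. A missing or malformed session means "no right", not a PHP warning.
    // The comparison is strict, so the session xh must be stored as a string.
    $user = $_SESSION['user'] ?? null;
    $isOwner = is_array($user) && isset($user['xh']) && $user['xh'] === $xh;
    $isAdmin = is_array($user) && !empty($user['isAdmin']);
    $hasRight = $isOwner || $isAdmin;
    if (!$hasRight) {
        throw new Exception('对不起，你没有删除他人记录的权限~');
    }

    // NOTE(review): the credentials are hard-coded and the application connects
    // as the MySQL root account. Move them to configuration outside the web
    // root and use an account limited to the privileges this application needs.
    $db = new PDO(
        "mysql:host=localhost;dbname=db5;",
        'root',
        '12qwas',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );

    // Parameterised statement: xh is bound as a value, never concatenated.
    $db->prepare(query: 'delete from students where xh=?')->execute([$xh]);

    // header() returns nothing, so the original "or die()" always ran and the
    // "return" after it was unreachable. Redirect and stop explicitly.
    header('Location: index.php');
    exit;
} catch (PDOException $e) {
    // Driver messages can reveal the host, account and schema. Log them on the
    // server and show the visitor a generic message.
    error_log('delete record failed: ' . $e->getMessage());
    $msg = '数据库操作失败，请稍后再试';
} catch (Exception $e) {
    // Only the validation and permission messages thrown above reach here.
    $msg = $e->getMessage();
}
?>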
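<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>删除记录</title>
    <style>h1{ color:red;}</style>
</head>
<body>
<h1>删除记录错误信息</h1>
<?php
// $msg is set from an exception message by the handler above. Escape it so it
// is always rendered as text and can never be interpreted as markup.
?>
<p><?= htmlspecialchars($msg ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
</body>
</html>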